一、試驗環境及準備
本次實驗用了三臺centos7服務器,詳情如下表:
| 主機 | 角色 | 系統 |
|---|---|---|
| 10.0.0.101 | PRIMARY | centos7 |
| 10.0.0.102 | SECONDARY | centos7 |
| 10.0.0.103 | SECONDARY | centos7 |
下載安裝包
下載地址:https://www.mongodb.com/download-center/v2/community
二、搭建步驟
1、上傳、解壓包
[root@test101 ~]# tar xf mongodb-linux-x86_64-4.0.2.tgz
[root@test101 ~]# ll
總用量 69364
-rw-------. 1 root root 1502 12月 14 2017 anaconda-ks.cfg
drwxr-xr-x. 3 root root 120 10月 9 10:18 mongodb-linux-x86_64-4.0.2
-rw-r--r--. 1 root root 71023715 10月 9 10:12 mongodb-linux-x86_64-4.0.2.tgz
[root@test101 ~]# mv mongodb-linux-x86_64-4.0.2 /usr/local/mongodb2、配置環境變量
在/etc/profile文件末尾加入mongo的環境變量:
[root@test101 local]# echo "export PATH=/usr/local/mongodb/bin:\$PATH" >>/etc/profile
[root@test101 local]# source /etc/profile3、編寫配置文件
注意:/etc/mongodb/mongo.conf的路徑和文件都是不存在的,需要自己創建
[root@test101 bin]# mkdir /etc/mongodb
[root@test101 bin]# cat /etc/mongodb/mongo.conf #這裏只配置了一些基本的配置
net:
port: 27017 #用的默認端口27017
bindIp: 0.0.0.0 #這裏默認的是127.0.0.1,如果不配置成0.0.0.0,在後面做副本集的時候會失敗
systemLog:
destination: file
path: "/opt/mongodbdata/mongod.log"
logAppend: true
storage:
journal:
enabled: true
dbPath: /opt/mongodbdata
setParameter:
enableLocalhostAuthBypass: true
processManagement:
fork: true
pidFilePath: "/opt/mongodbdata/mongod.pid"
[root@test101 bin]# 4、創建配置文件目錄
[root@test101 bin]# mkdir /opt/mongodbdata5、啓動服務
[root@test101 ~]# /usr/local/mongodb/bin/mongod -f /etc/mongodb/mongo.conf
about to fork child process, waiting until server is ready for connections.
forked process: 4390
child process started successfully, parent exiting
[root@test101 ~]# netstat -tlunp|grep 27017
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 4390/mongod
[root@test101 ~]# 6、創建管理員用戶和權限
登錄進去MongoDB,執行下面三條命令即可
> use admin; #切換到admin數據庫
> db.createRole({role:'sysadmin',roles:[],privileges:[{resource:{anyResource:true},actions:['anyAction']}]}); #創建一個超級管理員的角色,並賦予相應的權限
> db.createUser({user:'root',pwd:'root',roles:[{role:'sysadmin',db:'admin'}]}); #創建一個超級管理員賬號,並賦予上面的超級管理員角色和權限 ,pwd自定義具體操作:
[root@test101 local]# mongo #無密碼登錄
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
Server has startup warnings:
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
> show dbs;
admin 0.000GB
config 0.000GB
local 0.000GB
> use admin #切換到admin數據庫
switched to db admin
> db.createRole({role:'sysadmin',roles:[],privileges:[{resource:{anyResource:true},actions:['anyAction']}]}); #創建一個超級管理員的角色,並賦予相應的權限
{
"role" : "sysadmin",
"roles" : [ ],
"privileges" : [
{
"resource" : {
"anyResource" : true
},
"actions" : [
"anyAction"
]
}
]
}
> db.createUser({ #創建一個超級管理員賬號,並賦予上面的超級管理員角色和權限
... ... ... ...
... ... ... ... user:'root',
... ... ... ...
... ... ... ... pwd:'root',
... ... ... ...
... ... ... ... roles:[
... ... ... ...
... ... ... ... {role:'sysadmin',db:'admin'}
... ... ... ...
... ... ... ... ]});
Successfully added user: {
"user" : "root",
"roles" : [
{
"role" : "sysadmin",
"db" : "admin"
}
]
}
> exit
bye退出後用新的超級管理員賬號登錄:
[root@test101 mongodb]# mongo -u"root" -p"root" --authenticationDatabase "admin"
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
Server has startup warnings:
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
> show dbs;
admin 0.000GB
config 0.000GB
local 0.000GB以上步驟在三臺主機上都要執行。
7、生成集羣之間的安全認證機制KeyFile
在PRIMARY主機10.0.0.101機器上生成的KeyFile
[root@test101 local]# openssl rand -base64 745 >>/etc/mongodb/mongodb-keyfile
[root@test101 local]# cat /etc/mongodb/mongodb-keyfile
SgbDaERMIChd3MbuQ6WN7LJ7gI5FhOUI8D/uLxSHsH3buTDA0qjwcO1fP9/jRNkI
H+soQ/F/X7IUOnG238UjtO263/SwWebGMGd09u0VbyQwI1splmr+xeR3YDFWD0rw
stmDGcz6m/2ABfYTtKh/hIjZE5Yc1NSEWFmPNrhVbWsgD0BSI9CUr9JYTTnc1tl7
gycp9SsoPuoGLlPhnB8TG7Pu0rmNTuWq5DJnCG4fDClvkDJnlnDW59KDmfrLwnO3
ccLmb/+5OQNi1SGRsrdR3I8y2LE/lR6cK4cKX3GtiQB+BR3+BYdYCNVXpWC4Fw6z
xViVMKdPM4QIF99D+RLbwc16L9FQtlKy4NyHP5XyDmeMvfVDL5RIk8YVogZ3Y5Zr
1jgF2HxTEsxQ4TEZ2KUKA/gWZnTypXZ83Zso0XRk+n0pBSkwiG96Sk6fS9FiWwhp
v4Z80w1HS2L+dg8Qe3d1U+bl1Ro4Nj+sjxmXCFigJFRI4n40N+TCWHYJHx0l3BWm
3q2YyETol0+OrjIU71nFsGtUnP0seXa1HJsCtYCR7QFDf6uAE2u7JQD9Okram3In
crH/tuvdnq8Fi3FVsXxgoIMZhuYNr4kOLIszHQcv5Z/F1D+JmdD+yUvEzx+S7Npp
RZiXKz+kVKY1SFpDoMXZ7kv5oC+K5Ag3ZFPU+8SDh99dZCfq2z5TW+XiQTWB4Wh0
XlTae7IE15ILdLPpy+GQ9rtC4rlRmkdC9lNb6bOuYw3CbN0ANjVed1tenOEsBJ7Y
DFIeWNdnze5H38t2m2BrXpMbXLIZ3n4Ze/89th+UQnlP2ij0FMWFnMIxa6Dq3wqL
aEWvOXukbMbAw/vZZU5Ad2JmtBmClf6vP59fetz1wPCZFBqTF+NiNWEmlzuBEJwy
YBDzjWUiLODdopKugzZ+hxsSieYIZYzMg1CO9gAL2572mvOcPrUIWekC+gqWaZE7
wBQ5f3HmRAnHY4Wa/MYuEDCMrNtqNNy5hg==
[root@test101 local]# 將10.0.0.101主機生成的mongodb-keyfile拷貝到另外兩臺SECONDARY機器上的/etc/mongodb/目錄下,三臺主機的mongodb-keyfile文件權限都改成400
8、修改三臺主機的配置文件
修改三臺主機的/etc/mongodb/mongo.conf,並將三臺主機的MongoDB服務分別重啓
[root@test101 mongodb]# cat /etc/mongodb/mongo.conf
net:
port: 27017
bindIp: 0.0.0.0
systemLog:
destination: file
path: "/opt/mongodbdata/mongod.log"
logAppend: true
storage:
journal:
enabled: true
dbPath: /opt/mongodbdata
setParameter:
enableLocalhostAuthBypass: true
processManagement:
fork: true
pidFilePath: "/opt/mongodbdata/mongod.pid"
#加入下面的幾行內容:
replication:
replSetName: CrystalTest #replSetName自定義
security:
authorization: enabled
keyFile: "/etc/mongodb/mongodb-keyfile" #步驟7生成的安全認證機制KeyFile
[root@test101 mongodb]# 9、初始化副本集
在初始化集羣的時候,可以在所有機器上改好配置文件,並重啓服務之後,一次性完成。也可以先初始化PRIMARY,然後再把SECONDARY主機一臺一臺加進去:
方法1——一次性初始化完成
> config = { _id:"CrystalTest", members:[{_id:0,host:"10.0.0.101:27017"},{_id:1,host:"10.0.0.102:27017"},{_id:2,host:"10.0.0.103:27017"}] };
> rs.initiate(config);方法2——先初始化PRIMARY再加入SECONDARY:
先在PRIMARY上做如下兩步操作:
> config = { _id:"CrystalTest", members:[{_id:0,host:"10.0.0.101:27017"}]};
> rs.initiate(config);具體操作:
> config = { _id:"CrystalTest", members:[{_id:0,host:"10.0.0.101:27017"}]};
{
"_id" : "CrystalTest",
"members" : [
{
"_id" : 0,
"host" : "10.0.0.101:27017"
}
]
}
> rs.initiate(config);
{
"ok" : 1,
"operationTime" : Timestamp(1539054593, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1539054593, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
CrystalTest:OTHER>
CrystalTest:PRIMARY> #執行完上面的步驟,過一會兒,狀態就從OTHER變成PRIMARY
CrystalTest:PRIMARY> 然後加入另外兩臺主機:
> rs.add("10.0.0.102:27017")
> rs.add("10.0.0.103:27017")具體操作:
CrystalTest:PRIMARY> rs.add("10.0.0.102:27017") #添加10.0.0.102主機
{
"ok" : 1,
"operationTime" : Timestamp(1539056959, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1539056959, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
CrystalTest:PRIMARY> rs.add("10.0.0.103:27017") #添加10.0.0.103主機
{
"ok" : 1,
"operationTime" : Timestamp(1539057016, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1539057016, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
CrystalTest:PRIMARY> rs.status() #查看集羣狀態
{
"set" : "CrystalTest",
"date" : ISODate("2018-10-09T03:50:18.692Z"),
"myState" : 1,
"term" : NumberLong(2),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"appliedOpTime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"durableOpTime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
}
},
"lastStableCheckpointTimestamp" : Timestamp(1539056959, 1),
"members" : [
{
"_id" : 0,
"name" : "10.0.0.101:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 286,
"optime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDate" : ISODate("2018-10-09T03:50:16Z"),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"electionTime" : Timestamp(1539056735, 1),
"electionDate" : ISODate("2018-10-09T03:45:35Z"),
"configVersion" : 3,
"self" : true,
"lastHeartbeatMessage" : ""
},
{
"_id" : 1,
"name" : "10.0.0.102:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 58,
"optime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDurable" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDate" : ISODate("2018-10-09T03:50:16Z"),
"optimeDurableDate" : ISODate("2018-10-09T03:50:16Z"),
"lastHeartbeat" : ISODate("2018-10-09T03:50:18.661Z"),
"lastHeartbeatRecv" : ISODate("2018-10-09T03:50:18.227Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"configVersion" : 3
},
{
"_id" : 2,
"name" : "10.0.0.103:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 2,
"optime" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDurable" : {
"ts" : Timestamp(1539057016, 1),
"t" : NumberLong(2)
},
"optimeDate" : ISODate("2018-10-09T03:50:16Z"),
"optimeDurableDate" : ISODate("2018-10-09T03:50:16Z"),
"lastHeartbeat" : ISODate("2018-10-09T03:50:18.671Z"),
"lastHeartbeatRecv" : ISODate("2018-10-09T03:50:18.495Z"),
"pingMs" : NumberLong(1),
"lastHeartbeatMessage" : "",
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"configVersion" : 3
}
],
"ok" : 1,
"operationTime" : Timestamp(1539057016, 1),
"$clusterTime" : {
"clusterTime" : Timestamp(1539057016, 1),
"signature" : {
"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
"keyId" : NumberLong(0)
}
}
}
CrystalTest:PRIMARY> 登錄10.0.0.102和10.0.0.103主機的MongoDB查看角色都變成了SECONDARY:
[root@test102 mongodb]# mongo -u"root" -p"root" --authenticationDatabase "admin"
MongoDB shell version v4.0.2
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 4.0.2
Server has startup warnings:
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2018-10-09×××1:43:07.280+0800 I CONTROL [initandlisten]
>
CrystalTest:SECONDARY>
CrystalTest:SECONDARY>
CrystalTest:SECONDARY> 至此,集羣搭建完畢